Social Networking Information Security

Need for a specific Information Security Policy for the use of Social Networking

Social Networking Information Security Presentation Transcript

  • 1. Social Networking: Need for an Information Security Policy
      Bernardo Ramos
      08/02/2010 (February 8th 2010)
  • 2. Index
      ● Social Networking: A new standard for interpersonal communication:
          ● Personal
          ● Professional
          ● It is here to stay
      ● Social Networking and Security
          ● Old threats on a new support
          ● New specific threats
      February 8th 2010, Social Networks - Information Security
  • 3. Social Networking: A new standard for interpersonal communication
      ● Social Networking is not just Facebook and Twitter. It is a composite set of:
          – Blogging (Wordpress / Blogger)
          – Microblogging (Twitter)
          – Tumble-logging, Link-logging (http://fr.wikipedia.org/wiki/Tumblelog) (Tumblr, Delicious)
          – Open Social Networks (Facebook, Myspace, Tuenti, Renren)
          – Professional Social Networks (LinkedIn, Viadeo)
          – Private/dedicated Social Networks (Ning)
          – Photo and Video sharing (Flickr, Youtube)
          – Slide Sharing (Slideshare)
          – Document Sharing (Google docs)
          – Music list sharing (Spotify, Blip.fm)
      Complemented and integrated with:
          – E-mail
          – Chat
  • 4. Social Networking: A new standard for interpersonal communication
      ● Personal use
      ● Professional use
      ● Closely linked to mobile communication
  • 5. Social Networking is here to stay
      Think of many other previous innovations:
      1960
          ● Telephone
      1970
          ● Computer Terminal
      1980
          ● Personal Computer
          ● Mail
      1990
          ● Forums and Groupwares
          ● Internet
      2000
          ● Collaborative web and IM
          ● Social Networking
      2010
  • 6. Social Networking and Security
      ● Social Networking provides support for already existing threats:
          ● Phishing
          ● Social Engineering
          ● Spam
          ● Data Leakage
          ● Malware infections
  • 7. Social Networking and Security
      ● Social Networks present new threats or extended support for existing ones (Data loss, Identity theft, Password theft, etc.):
          ● Shortened URLs (Twitter)
          ● Complementary Applications (Facebook)
          ● Unawareness of who is reading you, plus sharing a lot of personal information:
              – Travelling details
              – What you are working on
              – Identity information
              – Etc.
  • 8. Social Networking and Security
      ● Besides the associated Information Security threats, Social Networking represents a risk since its intensive use could:
          ● Overwhelm telecommunications resources
          ● Reduce employee productivity
  • 9. Security Policy for Social Networking
      ● The social networking boom shows no sign of stopping.
      ● For young arriving employees it is part of their everyday life.
      ● Social networking sites are now a vital part of many marketing and sales strategies.
      ● Many companies are planning the use of social networking for internal use.
      Therefore:
      ● they cannot be blocked
      ● but they cannot be allowed to
          ● drain company resources or
          ● be used as vectors for data loss or malware penetration
  • 10. Security Policy for Social Networking
      A specific Social Networking Security Policy is needed to provide:
          ● granular access control
          ● secure encryption
          ● data monitoring
          ● comprehensive malware protection
      And the most important:
          ● User Awareness
  • 11. Security Policy for Social Networking
      ● Starting from existing policies:
          ● User charter for the use of Information and Telecommunication resources
          ● Basic Security recommendations
          ● Internet Access best practices
          ● Etc.
      ● Additional awareness communication specific to Social Networking:
          ● How to adjust your settings to protect your identity
          ● Use of additional applications integrated in Social Networks
          ● Share only what really belongs to you
          ● Use chat only with verified known people
          ● Do not chase the largest number of connections
          ● Do not mix personal and professional
          ● Be very restrictive and careful when sharing your company activities
          ● Do not use the same password everywhere (good password tips)
          ● Do not click quickly or on everything
          ● Remember that you can endanger others
  • 12. Security Policy for Social Networking
      ● New restrictions and controls specific to Social Networking:
          ● Access hours restrictions? (Difficult and only for productivity reasons)
          ● Individual high volume traffic alert
          ● Classification of Sensitive Information
          ● Encryption of highly sensitive data
          ● Granular monitoring of Internet traffic
          ● Identification of specific dangerous sites or tools and restriction of their use
          ● Regulation of the use of the company name and information
          ● Specific restrictions depending on each Social Media and tool (per user, per hours, etc.), using latest-generation firewalls
          ● Etc.
  • 13. Security Policy for Social Networking
      ● Can we forbid Social Networking? Should we do that?
      It is not a good idea because most of the risks will still be there, since:
          ● People will use it at work anyway with their personal mobile devices
          ● People will still use it at home